Hello,
On 28.4.2013 19:50, Jakub Hrozek wrote:
> >get a single machine to be able to perform any update, and have this as
> >one of the entries in my "bind update policy":
> >grant SERVICE\[email protected] wildcard * ANY;
String "SERVICE/[email protected]" in the example is full
principal name including Kerberos REALM. The string "SERVICE" has to be
replaced with real service name.
Everything is case sensitive!
See http://www.zytrax.com/tech/survival/kerberos.html#terminology for some
Kerberos basics.
Your zone update policy should include something like "grant
host/\[email protected] wildcard * ANY;"
This example contains an error: Character '/' in principal name has be to
replaced with "\047". The corrected example is:
"grant host\[email protected] wildcard * ANY;"
--
Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
